U.S. Fire Administration
The Critical Infrastructure Protection Process Job Aid
Emergency Management and Response-Information Sharing and Analysis Center
FA-313 2nd Edition: August 2007


Table of Contents

I. Introduction
    A. Job Aid Purpose
    B. Background
    C. EMR-ISAC Goals
    D. EMR-ISAC Major Tasks
    E. EMR-ISAC Information Dissemination
    F. Glossary

II. CIP Overview
    A. Premise
    B. Objectives
    C. Additional Considerations
    D. CIP Process Review

III. CIP Process Methodology
    A. Identifying Critical Infrastructures
    B. Determining the Threat
    C. Analyzing the Vulnerabilities
    D. Assessing Risk
    E. Applying Protective or Resiliency Measures

IV. CIP Process Question Navigator

V. Infrastructure Protection Decision Matrix

VI. Establishing a CIP Program
    A. Justification
    B. Program Manager
    C. Program Development and Management
    D. Contact Information

I. Introduction

A. Job Aid Purpose

This Job Aid is a guide to assist leaders of the Emergency Services Sector (ESS) with the process of critical infrastructure protection (CIP).

The document intends only to provide a model process or template for the systematic protection of critical infrastructures.

It is not a CIP training manual or a complete roadmap of procedures to be strictly followed.

The CIP process described in this document can be easily adapted to assist the infrastructure protection objectives of any community, service, department, agency, or organization.

B. Background

Homeland Security Presidential Directive–7 (December 2003) established the requirement to protect national critical infrastructures against acts that would diminish the responsibility of federal, state, and local government to perform essential missions to ensure the health and safety of the general public. HSPD-7 identified the Emergency Services as a national critical infrastructure sector that must be protected from all hazards.

The Emergency Management and Response—Information Sharing and Analysis Center (EMR-ISAC) activities support the critical infrastructure protection and resilience of Emergency Services Sector departments and agencies nationwide. The fire service, emergency medical services, law enforcement, emergency management, and 9-1-1 Call Centers are the major components of the Emergency Services Sector. These components include search and rescue, hazardous materials (HAZMAT) teams, special weapons and tactics teams (SWAT), bomb squads, and other emergency support functions.

C. EMR-ISAC Goals

Promote awareness of the threats to and vulnerabilities of Emergency Services Sector (ESS) critical infrastructures via sector-wide information sharing.

Encourage ESS prevention, protection, and resilience actions for all hazards, including man-made and natural disasters.

Enhance survivability, continuity, and “response-ability” in all-hazards environments.

D. EMR-ISAC Major Tasks

Collect critical infrastructure protection and resilience information having potential relevance for Emergency Services Sector (ESS) departments and agencies.

Analyze all collected information to ascertain its importance and applicability to ESS organizations.

Synthesize and disseminate emergent and consequential infrastructure protection and resilience information for the leaders, owners, and operators of the emergency services.

Expedite distribution of Department of Homeland Security (DHS) all-source threat information to the validated ESS senior leaders.

Develop instructional materials for CIP implementation and training needs.

Provide professional assistance to ESS CIP practitioners via phone, e-mail, facsimile, and a website.

E. EMR-ISAC Information Dissemination

CIP (FOUO) Notices. Contain vital, actionable information published by the Department of Homeland Security (DHS) as needed regarding threats and vulnerabilities potentially affecting emergency plans and operations. (Forwarded For Official Use Only by those in vetted ESS leadership positions.)

CIP INFOGRAMs. Contain four short articles issued weekly about protecting the critical infrastructures of emergency responders and their communities.

CIP Bulletins. Contain timely homeland security information distributed as needed involving the infrastructure protection of the emergency services.

CIP Video. DVD reviews the practice of CIP and the role of the EMR-ISAC.

CIP Job Aid. Briefly explains how to practice CIP in a time-efficient and resource-restrained manner.

Homeland Security Advisory System Guide. Provides recommendations for probable ESS actions before and during each level of the system.

F. Glossary

The definitions in this glossary are derived from language enacted in Federal laws and used in national plans, including the National Infrastructure Protection Plan, National Incident Management System, and National Response Plan.

All Hazards. An approach for prevention, protection, preparedness, response, and recovery that addresses a full range of threats and hazards, including domestic terrorist attacks, natural and man-made disasters, accidental disruptions, and other emergencies.

Critical Infrastructure. People, assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacity or destruction will have a debilitating impact on security, the nation’s economy, public health or safety, or a combination of those matters.

Critical Infrastructure Protection (CIP). CIP consists of the proactive activities to protect the indispensable people, physical assets, and communication/cyber systems from any degradation or destruction caused by all hazards.

Emergency Services Sector. A system of preparedness, response, and recovery elements that forms the nation’s first line of defense for preventing and mitigating the risk from man-made and natural disasters.

Emergency Support Function. A grouping of government and certain private sector capabilities into an organizational structure to provide the support, resources, and programs needed to save lives, protect property, and restore essential services and critical infrastructure following domestic incidents.

Hazard. Something that is potentially dangerous or harmful, often the root cause of an unwanted outcome.

Mitigation. Activities designed to reduce or eliminate risks to persons or property or to lessen the actual or potential effects or consequences of an incident.

Preparedness. The range of deliberate, critical tasks and activities necessary to build, sustain, and improve the operational capability to prevent, protect against, respond to, and recover from incidents.

Prevention. Actions taken to avoid an incident or intervene to stop an incident from occurring.

Protection. Actions to mitigate the overall risk to critical infrastructure people, assets, systems, networks, and functions, and their interconnecting links, from exposure, injury, destruction, incapacitation, or exploitation.

Risk. The measure of potential harm from an all-hazards threat.

Resiliency. The capability of people, assets, and systems to maintain functions during a disaster, and to expeditiously recover and reconstitute essential services after an all-hazards event.

Threat. The intention and capability of an adversary (i.e., people and nature) to undertake actions that would be detrimental to critical infrastructures.

Vulnerability. A weakness or flaw in an infrastructure that renders it susceptible to exploitation, disruption, damage, or incapacitation by all hazards.

II. CIP Overview

A. Premise

Attacks on the personnel, physical assets, and communication/cyber systems of Emergency Services Sector (ESS) departments and agencies will weaken performance of mission essential tasks or prevent operations entirely.

People (e.g., terrorists, criminals, delinquents, employees, hackers, etc.), nature (e.g., hurricanes, tornadoes, earthquakes, floods, wildfires, etc.), and hazardous materials (HAZMAT) accidents involving chemical, biological, radiological, or nuclear substances are the primary sources of attacks on critical infrastructures.

Attacks on ESS personnel, physical assets, and communication/cyber systems are serious threats to the survivability, continuity, and response-ability of sector personnel and their operations.

It is impossible to prevent all attacks (e.g., terrorism, natural disasters) against critical infrastructures.

There will never be enough resources (i.e., dollars, personnel, time, and materials) to achieve complete protection of ESS critical infrastructures.

There can be no tolerance for waste and misguided spending in the business of critical infrastructure protection (CIP).

B. Objectives

To prevent or mitigate attacks on ESS critical infrastructures by people (e.g., terrorists, hackers, etc.), by nature (e.g., hurricanes, tornadoes, etc.), and by HAZMAT accidents.

To protect the people, physical assets, and communication/cyber systems that are indispensably necessary for survivability, continuity of operations, response-ability, and mission success.

To provide an analytical process to guide the systematic protection of ESS critical infrastructures by the application of a reliable decision sequence that assists sector leaders to determine exactly what needs protection and when security measures must occur.

To provide a time-efficient and resource-restrained practice to ensure the protection of only those infrastructures that are critical for survivability, continuity of operations, response-ability, and mission success.

C. Additional Considerations

From a municipal perspective, CIP is primarily about protecting those infrastructures unquestionably necessary for the continuity of crucial community services upon which citizen survivability depends.

For Emergency Services Sector (ESS) departments and agencies, critical infrastructure protection (CIP) is foremost about protecting those internal infrastructures absolutely required for the survivability of emergency first responders and the preservation of their response-ability.

CIP can be a tool to produce an American “mind-set” of protection awareness and confidence in our nation’s security and prosperity. Given these new thoughts, it may evoke citizen behaviors that are fully supportive and cooperative with necessary protective measures.

CIP may also be a means to change the behavior of terrorists. The proper protection of American critical infrastructures has the potential to develop a new “mind-set” among terrorists that their actions will be futile and not yield the results they seek.

D. CIP Process Review

CIP involves the application of a systematic analytical process fully integrated into the plans and operations of ESS departments and agencies.

It is a security-related, time-efficient, and resource-restrained practice intended to be repeatedly used by the leaders of the emergency services.

The CIP process can make a difference only if applied by organizational leaders, and periodically reapplied when there have been changes in key personnel, physical assets, communication/cyber systems, or the general environment.

The CIP process consists of the following five steps:

1. Identifying critical infrastructures that must remain continuously intact and operational to accomplish ESS missions (e.g., fire suppression, emergency medical services, law enforcement, HAZMAT, search and rescue, emergency management, and 9-1-1).

2. Determining the threat by all hazards against those critical infrastructures.

3. Analyzing the vulnerabilities or weaknesses existing in the threatened critical infrastructures.

4. Assessing risk of the degradation or loss of credibly threatened and vulnerable critical infrastructures.

5. Applying protective or resiliency measures where risk is unacceptable to prevent the threat, protect the credibly threatened and vulnerable critical infrastructures, or ensure the rapid restoration of critical infrastructures after an all-hazards attack.

III. CIP Process Methodology

A. Identifying Critical Infrastructures

1. Identifying critical infrastructures is the first step of the CIP process.

2. The remaining steps of the CIP process cannot be initiated without the accurate identification of an organization’s critical components.

3. ESS critical infrastructures are those personnel, physical assets, and communication/cyber systems that are indispensably essential for the survivability, continuity of operations, response-ability, and mission success of ESS departments and agencies.

4. Critical infrastructures are the people, things, or systems that will seriously degrade or prevent survivability, continuity, response-ability, and mission success if they are not continuously intact and operational.

5. The following are some examples of potential ESS critical infrastructures:

a. Firefighters, police, paramedics, and emergency medical technicians.

b. Fire, police, and emergency medical vehicles, equipment, stations, and communications systems.

c. Computer-aided dispatch and computer networks.

d. 9-1-1 Centers (Public Safety Answering Points).

e. Water pumping stations and distribution systems.

f. Major roads and highways.

g. Key bridges and tunnels.

h. Local and regional medical facilities.

6. Despite many similarities, the differences in personnel, physical assets, and communication/cyber systems among individual ESS departments and agencies necessitate that senior leaders identify their own critical infrastructures.

7. Remember that protection measures cannot be implemented if what needs protection is unknown!

8. Following the disasters in New York City (September 2001) and New Orleans (August 2005), ESS organizations in those two cities continued to serve their citizens. However, their ability to do so was tremendously degraded for a period of time given the unprecedented losses of first responder critical infrastructures.

B. Determining the Threat

1. Determining the threat from all hazards (e.g., terrorists, criminals, hurricanes, tornadoes, earthquakes, floods, wildfires, etc.) against identified critical infrastructures is the second step of the CIP process.

2. A threat is the potential for an attack from people or nature or a combination of these. It also includes the probability of a HAZMAT accident.

3. The remaining steps of the CIP process depend upon whether or not an organization’s critical infrastructures are threatened.

4. Three examples of credible threats against ESS critical infrastructures:

a. National intelligence sources warn that suspected terrorists may attempt to drive a vehicle-borne improvised explosive device into the police headquarters of a large city. (This example demonstrates a terrorist threat against all components of a police department’s critical infrastructures.)

b. Police cite increasing incidents of individuals breaking into fire departments to steal valuable equipment and damage apparatus. (This example demonstrates a criminal threat against the physical assets of a fire department’s critical infrastructures.)

c. The National Weather Service forecasted that the eastern and southern coasts of the United States will experience eight major hurricanes between 1 June and 30 November. (This example demonstrates a nature threat against all critical infrastructure components of all emergency departments and agencies in a designated area.)

5. A determination of credible threat must be made for each critical infrastructure identified in step one.

6. If there is no threat of an attack against one of an organization’s critical infrastructures, then the CIP process can stop here for that particular asset.

7. When there is a credible threat of an attack against a department’s critical infrastructures, prior to proceeding to the next step of the CIP process, it is necessary to determine exactly which critical infrastructures are threatened, and by whom or what each of them is threatened.

8. Leaders should concentrate only on those threats that will dangerously degrade or prevent survivability and response-ability.

9. Resources should be applied to protect only those critical infrastructures against which a credible threat exists!

C. Analyzing the Vulnerabilities

1. Analyzing the vulnerabilities of only credibly threatened infrastructures is the third step of the CIP process.

2. This step requires an examination of the security vulnerabilities (i.e., weaknesses rendering the infrastructures susceptible to degradation or destruction) in each of the threatened infrastructures determined in step 2 of the CIP process.

3. There are two types of vulnerabilities to consider in the CIP process:

a. A weakness in a critical infrastructure that makes the infrastructure susceptible to disruption or loss from an attack by human adversaries.

b. A weakness in a critical infrastructure that will further weaken or completely deteriorate as a result of a natural disaster or HAZMAT accident.

4. An efficient vulnerability analysis will examine only the credibly threatened infrastructures from the “threat point of view.” This is particularly useful when trying to get into the minds of terrorists or criminals to understand how they think and, therefore, how they will behave.

5. The analysis will seek to comprehend the ways by which threats from adversaries, nature, or HAZMAT accidents might disrupt or destroy the examined infrastructure because of existing vulnerabilities.

6. The following are three examples of vulnerabilities:

a. An ESS facility is vulnerable if located in a tornado-prone area, but has not been engineered to withstand a tornado.

b. Emergency services personnel and equipment are vulnerable to injury, death, and destruction if not properly trained to protect against secondary explosions at incidents of terrorism.

c. Emergency services personnel are vulnerable to acute illness or death if not vaccinated for hepatitis, tetanus, influenza, etc.

7. If a threatened infrastructure has no vulnerabilities, then the CIP process can stop here for that particular asset.

8. The CIP process should proceed to the fourth step only for those threatened infrastructures having vulnerabilities.

9. The protection of threatened and vulnerable infrastructures and the mitigation or elimination of existing weaknesses cannot be accomplished without knowing what or where the vulnerabilities are!

D. Assessing Risk

1. Assessing risk of the degradation or loss of a critical infrastructure is the fourth step of the CIP process.

2. Threatened and vulnerable critical infrastructures from step 3 of the CIP process are a high priority for assessing the risk of degradation or incapacitation.

3. Focusing on each high priority infrastructure, decision makers must evaluate the cost of protective or resiliency measures in terms of available resources (e.g., personnel, time, money, and materials).

4. The determined costs of protective or resiliency measures (i.e., doing something) for each high priority infrastructure are now weighed against the results of the degradation or loss of that infrastructure (i.e., doing nothing and accepting risk).

5. Risk is unacceptable if the impact of the degradation or loss of an infrastructure (i.e., from doing nothing) will be potentially catastrophic.

6. Three examples of risk assessment follow:

a. ESS leaders assess that the incapacitation of their facility in a tornado-prone area would seriously disrupt continuity of operations and response-ability and, therefore, decide that the risk is unacceptable.

b. ESS chief officers assess that the risk of injury or death from secondary explosions at incidents of terrorism is too great, and that doing nothing about this risk is unacceptable.

c. The emergency medical services (EMS) leadership assess that there is significant risk to EMS personnel for acute illness or death from hepatitis, tetanus, influenza, etc. They determine that something must be done to protect employees against known pathogens.

7. If the impact of the degradation or loss of an infrastructure is not considered remarkable, then decision makers can temporarily decide to accept risk and do nothing until resources become available.

8. For the infrastructures that are risk adverse and require protection, the CIP process must proceed to the final step for the immediate application of protective or resiliency measures.

9. Failure to assess risk can result in the inefficient application of resources and a subsequent reduction in operational effectiveness.

E. Applying Protective or Resiliency Measures

1. Applying protective or resiliency measures to credibly threatened and vulnerable critical infrastructures unacceptable to risk is the fifth and last step of the CIP process.

2. Protective or resiliency measures are any actions that prevent the threat, protect the credibly threatened and vulnerable critical infrastructure, or ensure the swift restoration of critical infrastructures after an all-hazards attack.

3. Protective or resiliency measures are applied to high priority, risk-adverse infrastructures that necessitate the allocation of resources to preserve the ability of emergency first responders to efficiently perform their services.

4. Community leaders should decide the order in which credibly threatened and vulnerable critical infrastructures that are unacceptable to risk will receive the allocation of resources and application of protective or resiliency measures.

5. Possible protective and resiliency measures differ in terms of feasibility, expense, and effectiveness. Additionally, they can be simple or complex actions limited only by imagination and creativity.

6. The following are three examples of protective or resiliency measures:

a. ESS leaders decide that the incapacitation of their facility in a tornado-prone area will unacceptably disrupt continuity of operations and response-ability and, therefore, agree to promptly acquire the resources to alter the structure to withstand a tornado.

b. ESS chief officers resolve that the risk of injury or death from secondary explosions at incidents of terrorism is too great. Consequently, they arrange for the proper personnel training to prevent or protect against injury or death from secondary explosions.

c. The emergency medical services (EMS) leadership determine that there is significant risk to EMS personnel for acute illness or death from hepatitis, tetanus, influenza, etc. As a protective measure they ensure that every employee has been vaccinated against known pathogens.

7. In few instances, there may be no effective means to protect a critical infrastructure. Sometimes, prohibitive costs or other factors make the application of protective and resiliency measures impossible.

8. Decisions requiring the application of protective and resiliency measures will influence personnel, time, and material resources, and drive the security budget.

9. High priority, risk-adverse infrastructures should be considered a loss to plans and operations if protective or resiliency measures have not been implemented.

IV. CIP Process Question Navigator

DIRECTIONS: As a time-efficient tactic when reviewing or reapplying the CIP process, answer the following questions for each infrastructure of your department or agency. Alternatively, use the decision matrix in the next section.

Is the person, thing, or system part of the organization’s infrastructure?

If NO, stop. If YES, ask:

Is this infrastructure essential for survivability, continuity, and response-ability?

If NO, stop. If YES, ask:

Is there potential for an attack from people or nature against this critical infrastructure, including the probability for a HAZMAT accident?

If NO, stop. If YES, ask:

Is the threat of an attack against this critical infrastructure a truly credible one?

If NO, stop. If YES, ask:

Is there a security vulnerability (or weakness) in the threatened critical infrastructure?

If NO, stop. If YES, ask:

Does this vulnerability (or weakness) render the critical infrastructure susceptible to disruption or loss?

If NO, stop. If YES, ask:

Is it acceptable to assume risk and delay the allocation of resources and the application of protective or resiliency measures?

If YES, stop. If NO, then:

Apply protective or resiliency measures to protect this critical infrastructure as soon as available resources permit.

V. Infrastructure Protection Decision Matrix

DIRECTIONS: Complete the matrix for each infrastructure of your department or agency.

Is the infrastructure a critical one?
    Yes: Go to the next question.
    No: Stop here.

Is the critical infrastructure threatened?
    Yes: Go to the next question.
    No: Stop here.

Is the critical infrastructure vulnerable?
    Yes: Go to the next question.
    No: Stop here.

Is risk of degradation or loss acceptable?
    Yes: Stop here, or delay protective measures.
    No: Apply protective measures, or resource for future protective measures.
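
The question sequence in Section IV and the matrix in Section V describe the same early-exit procedure. As an added example (not part of the original job aid), the Python code below runs a constructed inventory through it; the answer keys, the asset names and answers, and the rule that an unanswered question blocks the walk rather than counting as NO are assumptions of the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# (answer key, CIP step, question). Key names are this example's own;
# the question wording follows the navigator in Section IV.
QUESTIONS = [
    ("in_inventory", 1, "Part of the organization's infrastructure?"),
    ("essential", 1, "Essential for survivability, continuity, response-ability?"),
    ("attack_potential", 2, "Potential for an attack or a HAZMAT accident?"),
    ("credible_threat", 2, "Is the threat a truly credible one?"),
    ("has_vulnerability", 3, "Is there a security vulnerability or weakness?"),
    ("susceptible", 3, "Does it render the asset susceptible to disruption or loss?"),
    ("risk_acceptable", 4, "Acceptable to assume risk and delay measures?"),
]
Answers = Dict[str, Optional[bool]]


@dataclass
class Decision:
    asset: str
    outcome: str             # stop | accept_risk | apply_measures | incomplete
    step: int                # CIP step at which the walk ended
    question: Optional[str]  # question that ended the walk, None if all passed


def navigate(asset: str, answers: Answers) -> Decision:
    """Ask the questions in order; return at the first one that ends the process."""
    for key, step, text in QUESTIONS[:-1]:
        answer = answers.get(key)
        if answer is None:
            # Assumption of this example: an unanswered question blocks the walk
            # instead of counting as NO, so an unassessed asset is not dropped.
            return Decision(asset, "incomplete", step, text)
        if not answer:
            return Decision(asset, "stop", step, text)
    key, step, text = QUESTIONS[-1]
    acceptable = answers.get(key)
    if acceptable is None:
        return Decision(asset, "incomplete", step, text)
    # The last question is inverted: YES stops (risk accepted), NO leads to step 5.
    if acceptable:
        return Decision(asset, "accept_risk", step, text)
    return Decision(asset, "apply_measures", 5, None)


def triage(inventory: Dict[str, Answers]) -> Dict[str, List[Decision]]:
    """Group every asset by outcome so unfinished assessments stay visible."""
    grouped: Dict[str, List[Decision]] = {
        "apply_measures": [], "accept_risk": [], "stop": [], "incomplete": []}
    for asset, answers in inventory.items():
        decision = navigate(asset, answers)
        grouped[decision.outcome].append(decision)
    return grouped


YES, NO = True, False
# Constructed inventory: the asset names and answers are illustrative only.
INVENTORY: Dict[str, Answers] = {
    "Station in tornado-prone area": dict(
        in_inventory=YES, essential=YES, attack_potential=YES, credible_threat=YES,
        has_vulnerability=YES, susceptible=YES, risk_acceptable=NO),
    "Computer-aided dispatch": dict(
        in_inventory=YES, essential=YES, attack_potential=YES, credible_threat=YES),
    "Key bridge": dict(
        in_inventory=YES, essential=YES, attack_potential=YES, credible_threat=NO),
    "Reserve vehicle": dict(
        in_inventory=YES, essential=YES, attack_potential=YES, credible_threat=YES,
        has_vulnerability=YES, susceptible=YES, risk_acceptable=YES),
}

if __name__ == "__main__":
    for outcome, decisions in triage(INVENTORY).items():
        for d in decisions:
            why = f" at: {d.question}" if d.question else ""
            print(f"{outcome:15} step {d.step}  {d.asset}{why}")
```

Assets reported as "incomplete" still need the named question answered before any decision about resources is made.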


VI. Establishing a CIP Program

A. Justification

A quality CIP program supports the protection or resiliency of the people, physical assets, and communication/cyber systems upon which survivability, continuity of operations, response-ability, and mission accomplishment depend.

The threat of domestic and transnational terrorism should provide ESS leaders with sufficient justification to implement a CIP program within their organizations.

If the threat of terrorism itself does not motivate action, then remember that the CIP process can also mitigate or eliminate the degradation or destruction of ESS departments and agencies caused by nature and HAZMAT accidents.

The CIP program should be integrated as a component part of an organization’s security and emergency preparedness plans, as well as the conduct of operations.

B. Program Manager

Critical infrastructure protection is primarily leader business. The emergency department or agency chief, commander, or director appoints a program manager from among the senior leadership of the organization.

The program manager performs the following functions:

1. Administer the CIP program and maintain its value, relevance, and currency.

2. Prepare, obtain approval for, and publish the program’s purpose, strategic goals, and immediate objectives.

3. Lead the effort to acquire the resources necessary to implement protective or resiliency measures.

4. Initiate actions that provide protection or resiliency for the organization’s critical infrastructures against all hazards.

C. Program Development and Management

The emergency department or agency chief, commander, or director institutes the organization’s CIP program and delegates authority to a manager.

The following program development and management steps are recommended:

1. Select the program manager from among the senior decision makers of the organization.

2. Firmly establish the relationship between the organization’s mission and the purpose for critical infrastructure protection.

3. Acquire the support of the department senior and junior leadership, and orient the CIP program primarily to them.

4. Focus the program on the practice of the CIP process contained in this guide.

5. After determining which critical infrastructures are risk adverse (i.e., the outcome of step 4 of the CIP process), aggressively seek the resources required to apply protective or resiliency measures as soon as possible.

6. Revise the department security and emergency preparedness plans to include the CIP program and the critical infrastructures that demand protective or resiliency measures.

7. Brief all department personnel regarding the revised plans and ensure awareness of actions they can take to support applied protective or resiliency measures.

8. Practice operations security (i.e., protecting sensitive information) concurrently with CIP.

9. Remain vigilant for threat advisories and new CIP trends, methods, and conditions disseminated by the EMR-ISAC.

10. Maintain the program by reapplying the CIP process when there have been changes in key personnel, physical assets, communication/cyber systems, and the general environment; however, attempt to do so at least semi-annually.

D. Contact Information

The Emergency Management and Response—Information Sharing and Analysis Center (EMR-ISAC) will provide CIP consultation or assistance (via telephone, electronic mail, or facsimile) to any emergency organization practicing the CIP process or establishing a CIP program. Contact the EMR-ISAC at 301-447-1325, or by electronic mail at emr-isac@dhs.gov. Interested personnel can also visit the EMR-ISAC website at http://www.usfa.dhs.gov/emr-isac. This information is current as of August 2007.

EMR-ISAC
16825 South Seton Avenue
Emmitsburg, MD 21727
301-447-1325
emr-isac@dhs.gov
www.usfa.dhs.gov/emr-isac